EPSS
Percentile
30.9%
sylius/resource-bundle is vulnerable to information disclosure. The vulnerability exists as ResourceBundle did not properly restrict the values of serialization_groups to be passed through the HTTP header.
serialization_groups
github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-5220.yaml
github.com/Sylius/SyliusResourceBundle/commit/9e77f83d4c7c7db0dc3d5cba778bd246486c5999
github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-8vp7-j5cj-vvm2